
If he was not misled by the false "on hover" representation of the link in his address bar, then it's possible he means:

1. That Twitter uses a "short link" where Google uses some kind of (I trust) token-secured "open redirect"

or

2. That Google uses a {Javascript, 301, ...} redirect where Twitter uses a {Javascript, 301, ...} redirect.

Depending on what User-agent I sent, I got Twitter to variously return a Javascript or 301 Moved Permanently response. I could only get Google to return a Javascript response to cURL, but I did not try hard, and I would not rule out Google employing different redirect methods, particularly on their search results page. Google is notorious for falling back to different methods depending on the particulars of the client. See:

http://www.stevesouders.com/blog/2010/07/12/velocity-forcing...

So they at least both use the Javascript method. In any event, if you mod out the content of the hyperlink after the domain, and mod out the content of the text-based HTTP response (!), which is fair here, then the methods are all equivalent, and all generate the same server diagrams.

In this case, there is not much difference between the browser parsing plaintext in HTTP headers that tells it to go to a different site and the browser parsing plaintext in an HTTP body that tells it to go to a different site once executed in a Javascript engine.
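
An added example, not part of the thread: the equivalence argued in the comment above, shown by reducing a 301 response, a script redirect and a meta refresh to the same destination, which is the normalization a link-analysis or logging tool needs before comparing redirectors. The host destination.example, the sample responses and the function names are assumptions made for illustration.

```javascript
// Added example. Regex heuristics only: no JavaScript is evaluated.
// The three responses are constructed samples, not captured traffic.
const DEST = "http://destination.example/page";
const viaHeader = "HTTP/1.1 301 Moved Permanently\r\nLocation: " + DEST + "\r\n\r\n";
const viaScript = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n" +
  "<script>window.location.replace(\"" + DEST + "\");</script>";
const viaMeta = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n" +
  "<meta http-equiv=\"refresh\" content=\"0;url=" + DEST + "\">";

// Split a raw response into status code, lower-cased headers and body.
function parseResponse(raw) {
  const sep = raw.indexOf("\r\n\r\n");
  const head = sep === -1 ? raw : raw.slice(0, sep);
  const body = sep === -1 ? "" : raw.slice(sep + 4);
  const lines = head.split("\r\n");
  const status = parseInt(lines[0].split(" ")[1], 10);
  const headers = {};
  for (const line of lines.slice(1)) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status, headers, body };
}

// Return { method, url } for the first redirect instruction found, else null.
function redirectTarget(raw) {
  const { status, headers, body } = parseResponse(raw);
  if (status >= 300 && status < 400 && headers.location) {
    return { method: "header", url: headers.location };
  }
  const meta = /<meta[^>]+http-equiv=["']?refresh["']?[^>]*content=["']?\s*\d+\s*;\s*url=([^"'>\s]+)/i.exec(body);
  if (meta) return { method: "meta", url: meta[1] };
  const js = /\blocation(?:\.href)?\s*=\s*["']([^"']+)["']/.exec(body) ||
    /\blocation\.(?:replace|assign)\(\s*["']([^"']+)["']\s*\)/.exec(body);
  if (js) return { method: "script", url: js[1] };
  return null;
}

// All three methods reduce to the same destination for the client.
function sameDestination(...raws) {
  const urls = raws.map((r) => (redirectTarget(r) || {}).url);
  return urls.every((u) => u !== undefined && u === urls[0]);
}

console.log(redirectTarget(viaHeader), redirectTarget(viaScript), redirectTarget(viaMeta));
console.log("same destination:", sameDestination(viaHeader, viaScript, viaMeta));
```

Script redirects built from string concatenation or escaped slashes will not match these patterns; a tool that has to resolve those needs a headless browser rather than regexes.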



How does the fake link hover work? With Javascript turned off, the first time I hover over a link I see the Google redirect URL, but the second time I hover I see the fake URL.


<a href="http://www.fakehover.com" onclick="window.location='http://www.goto.com/'">; I presume.




